#!/bin/sh -efu

. shell-quote

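# Re-assert the strict options from the shebang line.  Options given only on
# the "#!" line are lost when the script is started as "sh <script>", and this
# script must not carry on silently after a failed step.
#   -e  exit on an unhandled command failure
#   -f  disable pathname expansion
#   -u  treat expansion of an unset variable as an error
set -efu

# syslog facility used by info() and alert()
FACILITY=user
# Program name (basename of $0); used as the log tag and temp-dir prefix
PROG="${0##*/}"

# Directory holding the per-VM configuration files (<name>.conf)
VM_DIR=/etc/pve/qemu-server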

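# Report an informational message on stderr and in syslog.
# Globals:   PROG (read), FACILITY (read)
# Arguments: message words; they are joined into one string
# Outputs:   "[PROG]: message" on stderr, plus a syslog record at
#            priority FACILITY.info tagged with PROG
info() {
    # printf instead of echo: some sh implementations' echo interprets
    # backslash escapes, which would mangle a message built from file names.
    printf '%s\n' "[$PROG]: $*" >&2
    # "--" ends option parsing, so a message that starts with "-" is logged
    # as text instead of being read as logger options.
    logger -t "$PROG" -p "$FACILITY.info" -- "$*"
}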

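# Report an alert-level message on stderr and in syslog.
# Globals:   PROG (read), FACILITY (read)
# Arguments: message words; they are joined into one string
# Outputs:   "[PROG]: message" on stderr, plus a syslog record at
#            priority FACILITY.alert tagged with PROG
alert() {
    # printf instead of echo: the message carries a name taken from the
    # scanned report, and some sh implementations' echo would interpret
    # backslash escapes in it.
    printf '%s\n' "[$PROG]: $*" >&2
    # "--" ends option parsing, so a message that starts with "-" is logged
    # as text instead of being read as logger options.
    logger -t "$PROG" -p "$FACILITY.alert" -- "$*"
}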

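# Remove the scratch directory; installed as the EXIT trap handler.
# Globals:   workdir (read)
# Returns:   0 when there is nothing to remove, otherwise rm's status
cleanup() {
    # Never hand rm -rf an empty or unset path; with -u in force an unset
    # variable would otherwise abort the handler itself.
    [ -n "${workdir-}" ] || return 0
    # "--" keeps a path that begins with "-" from being parsed as rm options.
    rm -rf -- "$workdir"
}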

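# Nothing to check on a host without the VM configuration directory.
# (The original repeated this test after creating the scratch directory;
# one check before any work is enough.)
[ -d "$VM_DIR" ] || exit 0

# Private scratch directory, removed again by the EXIT trap.  The template is
# quoted so a program name containing whitespace cannot split into extra
# mktemp arguments, and it uses a longer random suffix than the original
# four characters.
workdir="$(mktemp -d --tmpdir "$PROG.XXXXXXXXXX")"
trap cleanup EXIT

# Build a sed script that keeps only report lines of the form
#   <optional whitespace>-<whitespace><VM_DIR>/<name>.conf
# and prints just the path.  quote_sed_regexp_variable comes from the sourced
# shell-quote library; it is used here to make the directory safe to embed in
# a sed regular expression.
quote_sed_regexp_variable r_vm_dir "$VM_DIR"
cat <<EOF >"$workdir/filter.sed"
s/^[[:space:]]*-[[:space:]]\\+\\($r_vm_dir\\/[^/]\\+\\.conf\\)\$/\\1/p
EOF

# VM_DIR may be reached through symlinks; add a second rule for the
# canonical path so report lines naming the resolved location match too.
VM_NODE_DIR="$(readlink -e "$VM_DIR")"
if [ -n "$VM_NODE_DIR" ]; then
    quote_sed_regexp_variable r_vm_node_dir "$VM_NODE_DIR"
    cat <<EOF >>"$workdir/filter.sed"
s/^[[:space:]]*-[[:space:]]\\+\\($r_vm_node_dir\\/[^/]\\+\\.conf\\)\$/\\1/p
EOF
fi

# The report to scan is read from standard input.
sed -n -f "$workdir/filter.sed" >"$workdir/nodes.list"

if [ ! -s "$workdir/nodes.list" ]; then
    info "VM integrity check OK"
else
    # IFS= and -r keep each path exactly as it was written to the list
    # (no backslash processing, no whitespace trimming).
    while IFS= read -r f; do
        vm="${f##*/}"
        vm="${vm%.conf}"
        alert "VM $vm integrity failure! Locking down VM $vm..."

        # The name comes from the scanned report.  Proxmox VM IDs are
        # numeric, so anything else is reported and never passed to qm.
        case "$vm" in
            ''|*[!0-9]*)
                alert "VM $vm: name is not a numeric VM ID, cannot lock it down"
                continue
                ;;
        esac

        # Lock-down stays best-effort (a failure must not stop the loop or
        # the script), but a failed step is reported instead of being
        # swallowed.  As before, the block step is attempted only after a
        # successful stop.
        if ! qm stop "$vm"; then
            alert "VM $vm: 'qm stop' failed, VM is NOT locked down"
        elif ! qm block "$vm"; then
            alert "VM $vm: 'qm block' failed after a successful stop"
        fi
    done <"$workdir/nodes.list"
fi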
